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Dear Sir: 

Applicant submits this Reply Brief in reply to the Examiner's Answer mailed in this case 
on March 3, 2008. It is believed that no fees are due in connection with the filing of this Reply 
Brief, however, the Commissioner is authorized to deduct any amounts required for this Reply 
Brief and to credit any amounts overpaid to Deposit Account. No. 09-0447. 

A. Claim 9 Has Not Been Rejected Over Any Prior Art, And Therefore Claims 
9-10 Should Be Allowed 

As stated in the "Status of Amendments" section of Applicant's Appeal Brief, Apphcant 

"notes that claim 9 has not been rejected over the cited references, and therefore requests that a 

notice of allowability be issued for at least claim 9 and claim 10 (which depends from claim 9)." 

In the Examiner's Answer , the Examiner stated that "The appellant's statement of the status of 

amendments after final rejection contained in the brief is correct." Examiner's Answer , p. 2. In 

the absence of any showing that the requirements of claim 9 are disclosed in the prior art. 

Applicant requests that a notice of allowability be issued for at least claim 9 and claim 10 (which 

depends from claim 9). 

B. Claims 1-8 and 11-26 Are Not Obvious And Should Be Allowed 

In response to Applicant's arguments concerning independent claims 1,11, and 19, the 
Examiner asserts that "The appellant argues with regards to the specification, but it is noted that 
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the features upon which applicant relies are not recited in the rejected claim(s)." Examiner's 

Answer , p. 6. With all due respect, this assertion is not correct. In particular, Applicant has 

appealed the obviousness rejection of claims 1,3, 11, 13, 19 and 21 because none of the cited art 

references, taken singly or in combination, discloses using a single sign-on (SSO) agent to not 

only (1) authenticate a user in response to an initial authentication request by obtaining or 

retrieving an attribute certificate having authentication data for the user, but also to (2) 

authenticate the user for subsequent authentication requests made by the SSO agent by using 

authentication data contained within the attribute certificate, as variously recited in claims 1,11 

and 19. See, e.g., claim 1 ("authenticating the user at the SSO agent for the initial authentication 

request; retrieving by the SSO agent an attribute certificate associated with the user; and 

authenticating the user for subsequent authentication requests via the SSO agent using 

authentication data within the attribute certificate.") (emphasis added). As set forth below, the 

centrality of the SSO agent to the initial and subsequent authentication requests is explicitly 

recited in the independent claims: 

Claim 1 : A method for an authentication process within a data processing system, 
the method comprising: 

receiving at a single sign-on (SSO) agent an initial authentication request for a user; 

authenticating the user at the SSO agent for the initial authentication request; 

retrieving by the SSO agent an attribute certificate associated with the user; and 

authenticating the user for subsequent authentication requests via the SSO agent 
using authentication data within the attribute certificate. 

Claim 1 1 : An apparatus for an authentication process within a data processing 
system, the apparatus comprising: 

means for receiving at a single sign-on (SSO) agent an initial authentication request 
for a user; 

means for authenticating the user at the SSO agent for the initial authentication 
request; 

means for retrieving by the SSO agent an attribute certificate associated with the user; 
and 

means for authenticating the user for subsequent authentication requests via the 
SSO agent using authentication data within the attribute certificate. 
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Claim 19 : A computer program product in a computer-readable medium for use in a 
data processing system for an authentication process, the computer program product 
comprising: 

instructions for receiving at a single sign-on (SSO) agent an initial authentication 
request for a user; 

instructions for authenticating the user at the SSO agent for the initial 
authentication request; 

instructions for retrieving by the SSO agent an attribute certificate associated with the 
user; and 

instructions for authenticating the user for subsequent authentication requests 
via the SSO agent using authentication data within the attribute certificate. 

After acknowledging Appellants' argument that the claimed SSO agent uses an attribute 

certificate in an initial and subsequent authentication, the Examiner asserts that he has 

"interpreted the independent claims 1,11, and 19, and Wood in a different manner than the 

appellant." Examiner's Answer , p. 6. If the Examiner's "interpretation" ignores the express 

claim requirements set forth above, then the interpretation is in error. "[T]he ordinary and 

customary meaning of a claim term is the meaning that the term would have to a person of 

ordinary skill in the art in question at the time of the invention," and is determined by 

considering, inter alia, "the language of the claims to determine what 'the applicant regards as 

his invention.'" Phillips v. AWHCorp., 415 F.3d 1303, 1313, 75 USPQ2d 1321, 1326 (Fed. Cir. 

2005). 

As for the "interpretation" of the Woods disclosure, the Examiner asserts that "Wood also 

teaches that the user may have to be authenticated an initial and subsequent time," citing Wood, 

col. 6, lines 1-10. Examiner's Answer , pp. 6-7. As seen from the quote of the cited passage 

below, there is simply no way that the cited passage supports the Examiner's assertion: 

If the entity requesting access has not yet been authenticated to the trust level required for 
the particular access to the particular enterprise application or information resource 
requested, authorization component 140 may indicate that the access request is to be 
redirected to login component 120 so that login credentials may be obtained and 
authenticated to a particular trust level. 

Woods Patent, col. 6, lines 4-10. Indeed, the very next sentence from Wood confirms that, 

once login credentials are obtained for a user, "the access will typically be allowed without 

the need for further login credentials and authentication ." Wood Patent, col. 6, lines 10-16. 

Thus, there are no "subsequent authentication requests" in the Wood scheme, much less 
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"authenticating the user for subsequent authentication requests via the SSO agent using 
authentication data" as claimed. 

In the Appeal Brief, Applicant points out that this deficiency is not remedied by Parker's 
disclosure of a system where the user (and not an SSO) is issued an attribute certificate. In 
response, the Examiner asserts that "this is irrelevant as Parker is not relied on for its 
authentication framework, only its explicit teaching of the attribute certificate." Examiner's 
Answer , p. 7. With all due respect, it is not "irrelevant" to point out that the deficiency of the 
Wood reference is not remedied by the disclosure of the Parker reference, nor is it "irrelevant" to 
point out that proposed combination "teaches away" from the claimed invention, nor is it 
"irrelevant" to point out that the Examiner's proposed combination of references would change 
the principle of operation of the prior art invention being modified. See, MPEP § 2144.05(111) 
("A prima facie case of obviousness may also be rebutted by showing that the art, in any material 
respect, teaches away from the claimed invention.") and MPEP, § 2143.01(VI) ("If the proposed 
modification or combination of the prior art would change the principle of operation of the prior 
art invention being modified, then the teachings of the references are not sufficient to render the 
claims prima facie obvious."). 

For at least the foregoing reasons. Applicant respectfully submits that a prima facie case 
of obviousness has not been established because neither Wood nor Parker (nor any of the other 
cited references) disclose or suggest using an SSO agent to both (1) authenticate a user in 
response to an initial authentication request, and to (2) authenticate the user for subsequent 
authentication requests using authentication data from an attribute certificate that is retrieved the 
SSO agent. Accordingly, claims 1,11 and 19 are allowable. To the extent that dependent claims 
3-8 and 12-26 each respectively incorporate the requirements of independent claims 1,11 and 
19, these dependent claims are likewise allowable, even though there are additional differences 
recited in the dependent claims. Accordingly, requests that the obviousness rejections of claims 
1-8 and 1 1-26 be withdrawn and that the claims be allowed 
CONCLUSION 

A prima facie case of obviousness has not been established because none of the cited 
references discloses Applicant's use of an SSO agent for authenticating a user for an initial and 
subsequent authentication requests using authentication data from an attribute certificate 
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obtained by the SSO agent. In view of the above arguments, it is respectfully urged that the 
rejection of the claims should not be sustained. 

For the above reasons, Applicant respectfully submits that the Examiner's rejections of 
claims 1-26 are unfounded and should be reversed. 



FILED ELECTRONICALLY 
May 5, 2008 



Respectfully submitted, 

/Michael Rocco Cannatti/ 

Michael Rocco Cannatti 
Attorney for Applicant 
Reg. No. 34,791 
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